Merge branch 'next' of https://github.com/friendsofthinkphp/think-jwt into next

Author: edenleung

README.md

@@ -109,6 +109,8 @@ public function login()
 
 ## Token 验证
 
+自动获取当前应用（多应用下）配置。
+
 ### 手动验证
 ```php
 use xiaodi\JWTAuth\Facade\Jwt;
@@ -135,7 +137,11 @@ class User {
 ```php
 use xiaodi\JWTAuth\Middleware\Jwt;
 
+// 自动获取当前应用配置
 Route::get('/hello', 'index/index')->middleware(Jwt::class);
+
+// 自定义应用 使用api应用配置
+Route::get('/hello', 'index/index')->middleware(Jwt::class, 'api');
 ```
 
 ## Token 自动获取

src/Config/Token.php

@@ -82,6 +82,11 @@ public function getReloginCode()
     {
         return $this->relogin_code;
     }
+    
+    public function getRefreshCode()
+    {
+        return $this->refresh_code;
+    }
 
     public function getAutomaticRenewal()
     {
@@ -92,4 +97,5 @@ public function getTokenType()
     {
         return $this->type;
     }
+    
 }

src/Handle/Url.php

@@ -8,6 +8,6 @@ class Url extends RequestToken
 {
     public function handle()
     {
-        return $this->app->request->param('token');
+        return $this->app->request->get('token');
     }
 }

src/Middleware/Jwt.php

@@ -5,6 +5,7 @@
 namespace xiaodi\JWTAuth\Middleware;
 
 use think\App;
+use think\Response;
 use xiaodi\JWTAuth\Exception\JWTException;
 
 /**
@@ -19,25 +20,27 @@ public function __construct(App $app)
         $this->app = $app;
     }
 
-    public function handle($request, \Closure $next)
+    public function handle($request, \Closure $next, $store = null)
     {
-        // 暂时修复 6.0.3 options 问题
-        if ($request->isOptions()) {
-            return $next($request);
+        if ($request->method(true) == 'OPTIONS') {
+            return Response::create()->code(204);
         }
 
-        if (true === $this->app->get('jwt')->verify()) {
-
-            $user = $this->app->get('jwt.user');
+        if (true === $this->app->get('jwt')->store($store)->verify()) {
 
-            if ($user->getBind()) {
-                if ($info = $user->get()) {
+            if ($this->app->get('jwt.user')->getBind()) {
+                if ($user = $this->app->get('jwt.user')->find()) {
                     // 路由注入
-                    $request->user = $info;
+                    $request->user = $user;
 
                     // 绑定当前用户模型
-                    $model = $user->getClass();
-                    $this->app->bind($model, $info);
+                    $class = $this->app->get('jwt.user')->getClass();
+                    $this->app->bind($class, $user);
+
+                    // 绑定用户后一些业务处理
+                    $this->bindUserAfter($request);
+                } else {
+                    throw new JWTException('登录校验已失效, 请重新登录', 401);
                 }
             }
 
@@ -46,4 +49,10 @@ public function handle($request, \Closure $next)
 
         throw new JWTException('Token 验证不通过', 401);
     }
+
+    protected function bindUserAfter($request)
+    {
+        // 当前用户
+        // $request->user
+    }
 }

src/Service/Jwt.php

@@ -33,9 +33,13 @@ public function __construct(App $app)
         $this->init();
     }
 
-    public function store(string $store)
+    public function store(string $store = null): self
     {
-        $this->store = $store;
+        if ($store) {
+            $this->store = $store;
+        }
+        
+        return $this;
     }
 
     public function getStore()
@@ -111,4 +115,19 @@ public function ttl()
     {
         return $this->app->get('jwt.token')->getRefreshTTL();
     }
+
+    public function refresh(?string $token = null)
+    {
+        return $this->app->get('jwt.token')->refresh($token);
+    }
+
+    public function logout(?string $token = null)
+    {
+        return $this->app->get('jwt.token')->logout($token);
+    }
+
+    public function destroyToken($jti, $store)
+    {
+        return $this->app->get('jwt.manager')->destroyToken($jti, $store);
+    }
 }

src/Service/Manager.php

@@ -5,6 +5,7 @@
 namespace xiaodi\JWTAuth\Service;
 
 use Lcobucci\JWT\Token;
+use Lcobucci\JWT\Parser;
 use think\App;
 use xiaodi\JWTAuth\Config\Manager as Config;
 
@@ -37,57 +38,61 @@ protected function resloveConfig()
 
     public function login(Token $token): void
     {
-        $jti = $token->getClaim('jti');
-        $store = $token->getClaim('store');
-
-        $exp = $token->getClaim('exp') - time();
-
         if ($this->app->get('jwt.sso')->getEnable()) {
-            $this->handleSSO($store, $jti, (string) $token, $exp);
+            $this->handleSSO($token);
         }
 
-        $this->pushWhitelist($store, $jti, (string) $token, $exp);
+        $this->pushWhitelist($token);
     }
 
-    protected function handleSSO($store, $jti, $token, $exp)
+    protected function handleSSO(Token $token): void
     {
-        $key = $this->formatWhiteKey($store, $jti);
-        if ($this->app->cache->has($key)) {
-            $this->clearCache($store, $this->config->getWhitelist(), $jti);
-            $this->pushBlacklist($store, $jti, (string) $token, $exp);
-        }
-    }
+        $jti = $token->getClaim('jti');
+        $store = $token->getClaim('store');
+        $exp = $token->getClaim('exp') - time();
 
-    protected function pushWhitelist($store, $jti, string $value, $exp): void
-    {
-        $this->setCache($store, $this->config->getWhitelist(), $jti, $value, $exp);
+        $this->destroyToken($jti, $store);
     }
 
-    protected function pushBlacklist($store, $jti, string $value, $exp): void
+    protected function pushWhitelist(Token $token): void
     {
-        $this->setCache($store, $this->config->getBlacklist(), $jti, $value, $exp);
+        $jti = $token->getClaim('jti');
+        $store = $token->getClaim('store');
+        $exp = $token->getClaim('exp') - time();
+        $tag = $store .'-' . $this->config->getWhitelist();
+
+        $key = $this->formatKey($store, $this->config->getWhitelist(), $jti, (string)$token);
+        $this->setCache($tag, $key, (string)$token, $exp);
     }
 
-    public function logout(Token $token): void
+    protected function pushBlacklist(Token $token): void
     {
         $jti = $token->getClaim('jti');
         $store = $token->getClaim('store');
 
         $exp = $token->getClaim('exp') - time();
-        $this->pushBlacklist($store, $jti, (string) $token, $exp);
+        $tag = $store .'-' . $this->config->getBlacklist();
+        $key = $this->formatKey($store, $this->config->getBlacklist(), $jti, (string)$token);
+
+        $this->setCache($tag, $key, (string)$token, $exp);
+    }
+
+    public function logout(Token $token): void
+    {
+        $this->pushBlacklist($token);
     }
 
     public function wasBan(Token $token): bool
     {
         $jti = $token->getClaim('jti');
         $store = $token->getClaim('store');
 
-        return $this->getBlacklist($store, $jti) ? true : false;
+        return $this->getBlacklist($store, $jti, (string)$token) === (string) $token ? true : false;
     }
 
-    protected function getBlacklist($store, $jti)
+    protected function getBlacklist(string $store, string $jti, string $token)
     {
-        return $this->getCache($store, $jti, $this->config->getBlacklist());
+        return $this->getCache($store, $this->config->getBlacklist(), $jti, $token);
     }
 
     public function destroyStoreWhitelist($store): void
@@ -102,7 +107,24 @@ public function destroyStoreBlacklist($store): void
 
     public function destroyToken($id, $store): void
     {
-        $this->clearCache($store, $this->config->getWhitelist(), $id);
+        $type = $this->config->getWhitelist();
+        $tag = $store .'-' . $type;
+
+        $rule = implode(':', [$this->config->getPrefix(), $store, $type, $id]);
+        $keys = $this->app->cache->getTagItems($tag);
+        $parser = new Parser();
+
+        foreach($keys as $key) {
+
+            if (false !== strpos($key, $rule)) {
+                $value = $this->app->cache->get($key);
+
+                if ($value) {
+                    $token = $parser->parse($value);
+                    $this->pushBlacklist($token);
+                }
+            }
+        }
     }
 
     protected function clearStoreWhitelist($store): void
@@ -120,26 +142,14 @@ private function clearTag($tag): void
         $this->app->cache->tag($tag)->clear();
     }
 
-    private function setCache($store, $type, $uid, $value, $exp): void
-    {
-        $key = $this->formatKey($store, $type, $uid);
-
-        $this->app->cache->tag($store . '-' . $type)->set($key, $value, $exp);
-    }
-
-    protected function formatWhitelist($store, $uid): string
-    {
-        return $this->formatKey($store, $this->config->getWhitelist(), $uid);
-    }
-
-    protected function formatBlacklist($store, $uid): string
+    private function setCache($tag, $key, $value, $exp): void
     {
-        return $this->formatKey($store, $this->config->getBlacklist(), $uid);
+        $this->app->cache->tag($tag)->set($key, $value, $exp);
     }
 
-    private function formatKey($store, $type, $uid): string
+    private function formatKey($store, $type, $uid, $value): string
     {
-        $key = implode(':', [$this->config->getPrefix(), $store, $type, $uid]);
+        $key = implode(':', [$this->config->getPrefix(), $store, $type, $uid, md5($value)]);
 
         return $key;
     }
@@ -151,9 +161,9 @@ private function clearCache($store, $type, $uid): void
         $this->app->cache->delete($key);
     }
 
-    private function getCache($store, $uid, $type)
+    private function getCache($store, $type, $jti, $token)
     {
-        $key = implode('', [$this->config->getPrefix(), $store, $type, $uid]);
+        $key = implode(':', [$this->config->getPrefix(), $store, $type, $jti, md5($token)]);
 
         return $this->app->cache->get($key);
     }

src/Service/Token.php

@@ -64,7 +64,11 @@ protected function resolveConfig(): array
         $store = $this->getStore();
         $options = $this->app->config->get("jwt.stores.{$store}.token", []);
 
-        return $options;
+        if (!empty($options)) {
+            return $options;
+        }
+
+        throw new JWTException($store . '应用 Token 配置未完整', 500);
     }
 
     protected function makeId(array $claims)
@@ -138,7 +142,7 @@ protected function automaticRenewalToken(JwtToken $token)
         return $token;
     }
 
-    protected function parseToken(string $token): JwtToken
+    public function parseToken(string $token): JwtToken
     {
         try {
             $token = (new Parser())->parse($token);
@@ -181,7 +185,7 @@ public function verify(string $token): ?bool
                 if ($this->config->getAutomaticRenewal()) {
                     $this->token = $this->automaticRenewalToken($this->token);
                 } else {
-                    throw new TokenAlreadyEexpired('Token 已过期，请重新刷新', $this->config->getReloginCode());
+                    throw new TokenAlreadyEexpired('Token 已过期，请重新刷新', $this->config->getRefreshCode());
                 }
             } else {
                 throw new TokenAlreadyEexpired('Token 刷新时间已过，请重新登录', $this->config->getReloginCode());
@@ -207,6 +211,33 @@ public function verify(string $token): ?bool
         return true;
     }
 
+    public function refresh(string $token = null): JwtToken
+    {
+        $token = $token ?: $this->getRequestToken();
+        $token = $this->parseToken($token);
+
+        $claims = $token->getClaims();
+
+        unset($claims['iat']);
+        unset($claims['jti']);
+        unset($claims['nbf']);
+        unset($claims['exp']);
+        unset($claims['iss']);
+        unset($claims['aud']);
+
+        $this->app->get('jwt.manager')->logout($token);
+
+        return $this->make($claims);
+    }
+
+    public function logout(?string $token = null): void
+    {
+        $token = $token ?: $this->getRequestToken();
+        $token = $this->parseToken($token);
+
+        $this->app->get('jwt.manager')->logout($token);
+    }
+
     /**
      * 自动获取请求下的Token.
      *

src/Service/User.php

@@ -44,9 +44,12 @@ protected function resolveConfig(): array
 
     public function getClass(): string
     {
-        $store = $this->getStore();
-        $class = $this->config->getClass();
-        if (!$class) {
+        $token = $this->app->get('jwt')->getToken();
+
+        try {
+            $class = $token->getClaim('model', $this->config->getClass());
+        } catch (\OutOfBoundsException $e) {
+            $store = $this->getStore();
             throw new JWTException("{$store}应用未配置用户模型文件");
         }
 
@@ -58,7 +61,7 @@ public function getBind()
         return $this->config->getBind();
     }
 
-    public function get()
+    public function find()
     {
         $class = $this->getClass();
         $token = $this->app->get('jwt')->getToken();